const {sendErr} = require("./getSendResult")
const {pathToRegexp} = require("path-to-regexp");
// 权限判定白名单
const needToKenApi = [
    {path:"/api/student/login"},
    {path:"/api/student/register"},
    {path:"/api/student/find"},
    {path:"/api/admin/login"}
]
// 权限判定
module.exports = (req,res,next,authentication)=>{
    const apis = needToKenApi.filter(api => {
        const reg = pathToRegexp(api.path)
        return reg.test(req.originalUrl)
    })
    if(apis.length !== 0 || authentication.includes(req.user.hasOwnProperty("authentication") ? req.user.authentication : -1)){
        next()
    } else {
        handlerNonToken(req,res,next)
    }
}


// 处理没有认证的情况
function handlerNonToken(req,res,next){
    res.status(403).send(sendErr("insufficient privilege",403))
}